Common Vulnerabilities and Exposures assigned an identifier CVE-2009-5017 to the following vulnerability:

Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.

References:
[1] http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
[2] http://hg.mozilla.org/releases/mozilla-1.9.2/rev/e42c563313a0
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=511859
[4] https://bugzilla.mozilla.org/show_bug.cgi?id=522634

Reference public PoC:
[5] https://bugzilla.mozilla.org/show_bug.cgi?id=511859#c1

Upstream changeset:
[6] https://bugzilla.mozilla.org/show_bug.cgi?id=511859#c20
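The bug class behind this CVE is a decoder that accepts non-shortest-form ("overlong") UTF-8, so that, for example, the two bytes C0 BC decode to U+003C '<' even though the only valid encoding of '<' is the single byte 3C. A filter that looks for the byte 3C and a consumer that decodes leniently therefore disagree about the same input. The following is an added illustration, not Mozilla's code or the upstream fix: a small RFC 3629 decoder with the shortest-form check switchable, so the lenient and strict behaviours can be compared side by side. The function names (decode_utf8_strict, decode_utf8_lenient, classify) and the sample byte strings are constructed for this example.

```python
"""Strict vs. lenient UTF-8 decoding and overlong (non-shortest-form) sequences.

Added example for CVE-2009-5017; not Mozilla code. RFC 3629 requires every
code point to be encoded in the fewest bytes possible; a decoder that does not
enforce this maps C0 BC, E0 80 BC and F0 80 80 BC all to '<'.
"""


class Utf8Error(ValueError):
    """Raised for malformed UTF-8; .kind names the defect, .offset its position."""

    def __init__(self, kind: str, offset: int):
        super().__init__(f"{kind} at byte offset {offset}")
        self.kind = kind
        self.offset = offset


# Smallest code point that a sequence of the given length may encode.
# A decoded value below this minimum is an overlong form.
_MIN_FOR_LENGTH = {2: 0x80, 3: 0x800, 4: 0x10000}


def _decode(data: bytes, reject_overlong: bool) -> str:
    out = []
    i, n = 0, len(data)
    while i < n:
        b0 = data[i]
        if b0 < 0x80:                      # single-byte ASCII
            out.append(chr(b0))
            i += 1
            continue
        # Classify the lead byte by its high-bit pattern only; the value
        # checks below decide whether the sequence is actually legal.
        if 0xC0 <= b0 <= 0xDF:
            length, cp = 2, b0 & 0x1F
        elif 0xE0 <= b0 <= 0xEF:
            length, cp = 3, b0 & 0x0F
        elif 0xF0 <= b0 <= 0xF7:
            length, cp = 4, b0 & 0x07
        else:                              # stray continuation byte or F8..FF
            raise Utf8Error("invalid-lead", i)
        if i + length > n:
            raise Utf8Error("truncated", i)
        for j in range(1, length):
            c = data[i + j]
            if c & 0xC0 != 0x80:           # continuation bytes are 10xxxxxx
                raise Utf8Error("invalid-continuation", i + j)
            cp = (cp << 6) | (c & 0x3F)
        # The shortest-form check is the one a lenient decoder omits.
        if reject_overlong and cp < _MIN_FOR_LENGTH[length]:
            raise Utf8Error("overlong", i)
        if 0xD800 <= cp <= 0xDFFF:         # UTF-16 surrogates are never valid
            raise Utf8Error("surrogate", i)
        if cp > 0x10FFFF:                  # beyond the Unicode range
            raise Utf8Error("out-of-range", i)
        out.append(chr(cp))
        i += length
    return "".join(out)


def decode_utf8_strict(data: bytes) -> str:
    """RFC 3629 decoding: rejects overlong forms, surrogates and > U+10FFFF."""
    return _decode(data, reject_overlong=True)


def decode_utf8_lenient(data: bytes) -> str:
    """Same decoder without the shortest-form check (the defective behaviour)."""
    return _decode(data, reject_overlong=False)


def classify(data: bytes) -> str:
    """Return 'ok' or the kind of defect the strict decoder found."""
    try:
        decode_utf8_strict(data)
        return "ok"
    except Utf8Error as err:
        return err.kind


if __name__ == "__main__":
    # Constructed samples: the valid '<' and three overlong encodings of it.
    for sample in (b"\x3c", b"\xc0\xbc", b"\xe0\x80\xbc", b"\xf0\x80\x80\xbc"):
        print(sample.hex(), "lenient=%r" % decode_utf8_lenient(sample),
              "strict=%s" % classify(sample))
```

Python's own `bytes.decode("utf-8")` already applies the strict rules, so `data.decode("utf-8")` is the practical check; the hand-written decoder only makes visible which single condition separates the two behaviours. The defensive rule it illustrates is to decode and validate once, at the trust boundary, and run any content filtering on the decoded text rather than on raw bytes.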
This issue did NOT affect the versions of the firefox package, as shipped with Red Hat Enterprise Linux 4, 5, or 6 (particular versions already contain the fix for this issue).

This issue affects the latest version of the firefox package, as shipped with Fedora release 12. This issue does NOT affect the version of the firefox package, as shipped with Fedora release 13 and 14 (current latest versions already contain the fix for this issue).
Created firefox tracking bugs for this issue
Affects: fedora-12 [bug 656306]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.